fix: change SQLite database mode to 0600

[drigz]

The default mode is 0644, which is allows broader access than necessary.

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

I haven't added an automated test, as I didn't see a clean place to add it (maybe test/e2e/run.sh but there are no assertions there, and Cypress seems more about asserting what happens in the browser. If I should add a test, let me know where.

Instead, here's "proof" that it works:

$ docker-compose -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate
[...]
Ctrl+C
$ sudo ls -l /var/lib/docker/volumes/kratos_kratos-sqlite/_data
total 380
-rw-r--r-- 1 10000 systemd-journal 385024 Mar 25 16:24 db.sqlite
$ sudo rm /var/lib/docker/volumes/kratos_kratos-sqlite/_data/db.sqlite
$ git checkout sqlite-mode
$ sudo ls -l /var/lib/docker/volumes/kratos_kratos-sqlite/_data
total 380
-rw------- 1 10000 systemd-journal 385024 Mar 25 16:25 db.sqlite

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #2344 (a6aed56) into master (9c9477a) will increase coverage by 0.22%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2344      +/-   ##
==========================================
+ Coverage   76.39%   76.61%   +0.22%     
==========================================
  Files         318      318              
  Lines       17370    17189     -181     
==========================================
- Hits        13269    13170      -99     
+ Misses       3162     3087      -75     
+ Partials      939      932       -7     

Impacted Files	Coverage Δ
x/provider.go	0.00% <0.00%> (-66.67%)	⬇️
schema/errors.go	79.56% <0.00%> (-2.51%)	⬇️
selfservice/flow/recovery/hook.go	93.10% <0.00%> (-0.65%)	⬇️
selfservice/flow/verification/hook.go	93.10% <0.00%> (-0.65%)	⬇️
ui/node/node.go	90.55% <0.00%> (-0.56%)	⬇️
selfservice/flow/verification/flow.go	89.04% <0.00%> (-0.30%)	⬇️
selfservice/flow/recovery/flow.go	93.44% <0.00%> (-0.21%)	⬇️
selfservice/flow/flow.go	100.00% <0.00%> (ø)
selfservice/flow/error.go	100.00% <0.00%> (ø)
selfservice/hook/address_verifier.go	100.00% <0.00%> (ø)
... and 11 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9c9477a...a6aed56. Read the comment docs.

[zepatrik]

I guess we should carry these changes over to Hydra and Keto as well?

[vinckr]

Hello @drigz
Congrats on merging your first PR in Ory 🎉 !
Your contribution will soon be helping secure millions of identities around the globe 🌏.
As a small token of appreciation we send all our first time contributors a gift package to welcome them to the community.
Please drop me an email and I will forward you the form to claim your Ory swag!